<?php
/***************************************************************************
*						    ucp_color.php
*							--------------
*	begin		: 2006/06/15
*	copyright	: phantomk
*	email		: phantomk@hackbb.com
*
*	Version		: 0.0.1 - 2006/06/15
*
***************************************************************************/

/***************************************************************************
*
*   This program is free software; you can redistribute it and/or modify
*   it under the terms of the GNU General Public License as published by
*   the Free Software Foundation; either version 2 of the License, or
*   (at your option) any later version.
*
***************************************************************************/

if ( !defined('IN_PHPBB') )
{
	die('Hack attempt');
}

//
// we are doing some basic checks in case of not-coherent auths settings
// and to protect main founder, and founders profiles against a founder modifying other founders (same for admins)
//

// anonymous can't act on this panel
// anonymous register edition denied in all cases for everybody, included founder
$no_access = ($user->data['user_id'] == ANONYMOUS) || ($view_user->data['user_id'] == ANONYMOUS);

// A user can access this panel only if he modifies his own profile, or if he has authorization onto the viewed user groups
if ( !$no_access )
{
	$user_is_manager = $user->auth(POST_GROUPS_URL, 'ucp_edit_registration', $view_user->get_groups_list());
	$no_access = ($view_user->data['user_id'] != $user->data['user_id']) && !$user_is_manager;
}

// we are modifying another profile
if ( !$no_access && ($user->data['user_id'] != $view_user->data['user_id']) )
{
	$sql = 'SELECT group_moderator
				FROM ' . GROUPS_TABLE . '
				WHERE group_id = ' . intval(GROUP_FOUNDER);
	$result = $db->sql_query($sql, false, __LINE__, __FILE__);
	$main_founder = ($row = $db->sql_fetchrow($result)) ? intval($row['group_moderator']) : 0;
	$db->sql_freeresult($result);

	// only main founder has access to his profile registration data
	$no_access = $view_user->data['user_id'] == $main_founder;

	// we don't want a founder to modify another founder registration, except if the actor is the main founder
	// we don't want neither a regular user manager to modify a founder or admin profile registration data
	if ( !$no_access && ($user->data['user_id'] != $main_founder) )
	{
		$view_is_founder = in_array(GROUP_FOUNDER, $view_user->get_groups_list());
		$view_is_admin = in_array(GROUP_ADMIN, $view_user->get_groups_list());

		$no_access = $view_is_founder || (!$view_is_founder && $view_is_admin && !in_array(GROUP_FOUNDER, $user->get_groups_list()));
	}
}

// define fields
$color_fields = array(
	'user_group_id' => array('type' => 'list', 'legend' => 'AGCM_user_color', 'explain' => 'AGCM_user_color_explain', 'field' => 'user_group_id', 'options' => '[func]group_color_select'),
);

$fields = empty($fields) ? $color_fields : $fields;
unset($color_fields);

// no access : end there
if ( $no_access || empty($fields) )
{
	$cp_panels->display_empty();
	return;
}

class user_agcm extends auto_form
{
	function validate()
	{
		global $config, $user, $db;
		global $view_user, $user_is_manager;
		global $error, $error_msg;

		if ( $error )
		{
			return;
		}

		// let's start to build the fields
		$fields = array();
		$change_user_group_id = false;

		// user_group_id changed
		$change_user_group_id = ($this->fields['user_group_id']->value != $view_user->data['user_group_id']) && !$this->fields['user_group_id']->data['output'];

		// other fields & update
		foreach ( $this->fields as $field_name => $field )
		{
			if ( empty($field->data['field']) || !isset($fields[ $field->data['field'] ]) )
			{
				$this->fields[$field_name]->validate();
				if ( !empty($field->data['field']) )
				{
					$fields[ $field->data['field'] ] = $field->value;
				}
				if ( !empty($field->data['sub_fields']) && is_array($field->data['sub_fields']) )
				{
					foreach ( $field->data['sub_fields'] as $sub_field_name => $sub_field_table_field )
					{
						if ( !isset($fields[$sub_field_table_field]) )
						{
							$fields[$sub_field_table_field] = $field->data['sub_values'][$sub_field_name];
						}
					}
				}
			}
		}
		if ( !empty($fields) )
		{
			if ( !$change_user_group_id && isset($fields['user_group_id']) )
			{
				unset($fields['user_group_id']);
			}
		}
		if ( !empty($fields) )
		{
			$db->sql_statement($fields);
			$sql = 'UPDATE ' . USERS_TABLE . '
						SET ' . $db->sql_update . '
						WHERE user_id = ' . intval($view_user->data['user_id']);
			$db->sql_query($sql, false, __LINE__, __FILE__);

			// fill the memory
			$view_user->data = array_merge($view_user->data, $fields);
		}

		// adjust some data on username edition
		if ( $change_user_group_id )
		{
			// update stats if necessary
			if ( ($view_user->data['user_id'] != ANONYMOUS) && ($view_user->data['user_id'] == intval($config->data['stat_last_user'])) )
			{
				$config->begin_transaction();
				$config->set('stat_last_user', $view_user->data['user_id']);
				$config->set('stat_last_username', $view_user->data['username']);
				$config->set('stat_last_user_group_id', $this->fields['user_group_id']->value);
				$config->end_transaction();
			}
			else if ( empty($config->data['stat_last_user_group_id']) )
			{
				$sql = 'SELECT user_id, username, user_group_id
						FROM ' . USERS_TABLE . '
						ORDER BY user_id DESC
						LIMIT 1';
				$result = $db->sql_query($sql, false, __LINE__, __FILE__);
				$row = $db->sql_fetchrow($result);

				$config->begin_transaction();
				$config->set('stat_last_user', $row['user_id']);
				$config->set('stat_last_username', $row['username']);
				$config->set('stat_last_user_group_id', $row['user_group_id']);
				$config->end_transaction();

				$db->sql_freeresult($result);
			}
		}

		// return
		$return_msg = 'Profile_updated' . ($view_user->data['user_id'] == $user->data['user_id'] ? '' : '_other');

		// send achievement message
		message_return($return_msg, $this->return_msg, $config->url($this->requester, $this->return_parms, true));
	}
}

// instantiate the form
$parms = array(
	'mode' => $menu_id,
	'sub' => $subm_id == $menu_id ? '' : $subm_id,
	'ctx' => $ctx_id == $subm_id ? '' : $ctx_id,
);

if ( $user->auth(POST_GROUP_URL, 'auth_edit_admin', GROUP_REGISTERED) && _button('create_form') )
{
	redirect($config->url($cp_requester, array('mode' => 'register', 'sid' => $user->data['session_id']), true));
}

$form = new user_agcm($view_user->data, $fields, $cp_requester, 'Click_return_' . $menu_id . ($view_user->data['user_id'] == $user->data['user_id'] ? '' : '_other'), $cp_parms + $parms);
$form->process();
$template->set_switch('form');
$template->set_filenames(array('body' => 'cp_generic.tpl'));

?>